It is feasible to an extent since loading each builtin object type is
handled by a different function. However, as others have pointed out, it
makes more sense to use a more robust protocol than to try to patch pickle.


-Walker

On 7/20/07, Hendrik van Rooyen <[EMAIL PROTECTED]> wrote:

Walker Lindley wrote:

> Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to
> send objects across the network. I'm sure both Pyro and Yami can do that and
> I may end up using one of them. For the initial version pickle will work
> because we have the networking issues figured out with it, just not the
> security problem. So we may end up just sending strings back and forth that
> will let us fill out an object's member variables on the other end. It's
> much less cool, but it seems like it'd be more secure.

This passing of a pickled structure is so handy for simple things like
lists of parameters, and so on, that I wonder if it would not be worth
while to somehow beef up the security of the pickle stuff.

One heretical way I can think of would involve strict "typing" at the
receiving end - if you expect say a dict, then you should somehow specify
that anything else should fail...

as dict  my_received_dict = cpickle.loads(data_from_network)

or, better without a new "as" keyword:

my_received_dict=cpickle.loads(data_from_network,type=dict)

Is this at all feasible?

- Hendrik

--
http://mail.python.org/mailman/listinfo/python-list




--
This e-mail is licensed under the Creative Commons
Attribution-NoDerivs 2.5 License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative
Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105,
USA.
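
The strict "typing" idea from the thread, sketched as an added example (not code from either poster or from the pickle module itself). It is written for Python 3's `pickle`; `loads_as` and `NoGlobalsUnpickler` are hypothetical names, and the approach relies on overriding `Unpickler.find_class`, the hook pickle calls for every class or function a stream asks for.

```python
import io
import pickle
from collections import OrderedDict


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function lookup."""

    def find_class(self, module, name):
        # Called whenever the stream requests a global (any importable
        # class or function). Refusing here leaves only plain data such
        # as None, bool, int, float, str, bytes, list, tuple and dict.
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed" % (module, name))


def loads_as(data, expected_type):
    """Hypothetical stand-in for the proposed loads(data, type=dict)."""
    obj = NoGlobalsUnpickler(io.BytesIO(data)).load()
    # Exact type match, so a subclass or a different container fails.
    if type(obj) is not expected_type:
        raise pickle.UnpicklingError(
            "expected %s, got %s"
            % (expected_type.__name__, type(obj).__name__))
    return obj


if __name__ == "__main__":
    # Constructed sample inputs standing in for data_from_network.
    samples = [
        ("dict of parameters", pickle.dumps({"host": "a", "port": 8000})),
        ("list instead of dict", pickle.dumps([1, 2, 3])),
        # Harmless object whose pickle needs a global lookup.
        ("needs a class lookup", pickle.dumps(OrderedDict(a=1))),
    ]
    for label, data_from_network in samples:
        try:
            print(label, "->", loads_as(data_from_network, dict))
        except pickle.UnpicklingError as exc:
            print(label, "-> refused:", exc)
```

The type check covers only the outermost object, so nested values can still be any plain data type, and nothing here authenticates the sender or bounds the size of the input.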